Overview[1]

HTTP Strict Transport Security (HSTS) is a web security policy mechanism which helps to protect secure HTTPS websites against downgrade attacks and cookie hijacking.

It allows a web server to declare that web browsers or other complying user agents should interact with it only over secure HTTPS connections, and never via the insecure HTTP protocol.

HTTP Strict Transport Security is an IETF standards track protocol and is specified in RFC 6797.

The HTTP Strict Transport Security Policy is communicated by the server to the user agent via an HTTP response header field named "Strict-Transport-Security". The policy specifies a period of time during which the user agent shall access the server in a secure-only fashion.
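The following is an added example, not part of the original page: a small parser and audit check for the "Strict-Transport-Security" header value, following the rules in RFC 6797. It goes slightly beyond the text above by also handling the RFC's `includeSubDomains` directive; the function names, the `MIN_AGE` threshold and the finding strings are assumptions chosen for illustration.

```python
import re

_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")  # RFC 7230 token
MIN_AGE = 15552000  # assumed audit threshold (180 days), not from the page


def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).
    Returns a policy dict; raises ValueError where a conforming user agent
    would ignore the header. Simplification: ';' inside quotes is not handled.
    """
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:  # empty directives are permitted
            continue
        name, sep, arg = (s.strip() for s in part.partition("="))
        name = name.lower()  # directive names are case-insensitive
        if not _TOKEN.fullmatch(name):
            raise ValueError(f"bad directive name: {name!r}")
        if name in seen:  # a directive may appear only once
            raise ValueError(f"duplicate directive: {name}")
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]  # quoted-string form, e.g. max-age="300"
        seen[name] = arg if sep else None  # unknown directives are kept but unused
    age = seen.get("max-age")
    if age is None or not re.fullmatch(r"[0-9]+", age):
        raise ValueError("max-age is required and must be delta-seconds")
    if seen.get("includesubdomains") is not None:
        raise ValueError("includeSubDomains takes no value")
    return {"max_age": int(age), "include_subdomains": "includesubdomains" in seen}


def audit_hsts(value, scheme="https"):
    """Return findings for a header value observed on a response over `scheme`."""
    if scheme != "https":
        return ["ignored: user agents disregard the header over plain HTTP"]
    try:
        policy = parse_hsts(value)
    except ValueError as exc:
        return [f"ignored: {exc}"]
    findings = []
    if policy["max_age"] == 0:
        findings.append("max-age=0 tells the user agent to drop the policy")
    elif policy["max_age"] < MIN_AGE:
        findings.append(f"max-age below {MIN_AGE} seconds")
    if not policy["include_subdomains"]:
        findings.append("includeSubDomains not set")
    return findings
```

An empty list from `audit_hsts` means the value parses and meets the assumed threshold; any finding that starts with "ignored" means a conforming user agent would not apply the policy at all.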

This page (revision-6) was last changed on 01-Jul-2016 14:07 by jim